<?php
error_reporting(0); // Silences all PHP error reporting for the request; failures inside this file (e.g. fopen() in slog()) become invisible.
//Code By Safe3 
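/**
 * Error handler registered below via set_error_handler().
 *
 * Emits a short message to the client and terminates the request. The file path,
 * line and message are written to the server error log instead of the response so
 * that server-side paths are not disclosed to the browser.
 *
 * @param int    $errno   PHP error level.
 * @param string $errstr  Error message.
 * @param string $errfile File the error was raised in.
 * @param int    $errline Line the error was raised on.
 * @return never Always terminates via die().
 */
function customError($errno, $errstr, $errfile, $errline)
{
    // Full detail stays server-side.
    error_log("Error number: [$errno] $errstr on line $errline in $errfile");
    echo "<b>Error number:</b> [$errno]<br />";
    die();
}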
// Registered for E_ERROR only. PHP does not dispatch E_ERROR (fatal errors) to user
// handlers, so customError() is not expected to fire. Left unchanged: widening the
// mask would turn every notice this file currently suppresses into a hard stop.
set_error_handler('customError', E_ERROR);

// Blacklist pattern bodies; each is wrapped in "/.../is" at the call sites below.
// Single-quoted so the backslashes read exactly as they reach PCRE. The URL/GET
// variant also rejects any single quote and any "and"/"or" followed by a comparison
// operator; POST and cookie data share one narrower variant.
$getfilter = '\'|(and|or )\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|CALL\s+|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
$postfilter = '\b(and|or )\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|CALL\s+|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
// The cookie pattern is identical to the POST pattern.
$cookiefilter = $postfilter;
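/**
 * Blacklist check on one request array (POST or cookie data).
 *
 * The array is merged with session/request context, dumped with var_export(), and
 * the whole dump is matched against $ArrFiltReq. On a hit the dump is appended to
 * the log via slog(), "Error!" is printed and the request is terminated.
 *
 * @param mixed  $StrFiltKey   Unused; kept so existing call sites keep working.
 * @param array  $StrFiltValue Request array to inspect ($_POST or $_COOKIE).
 * @param string $ArrFiltReq   Pattern body, wrapped in "/.../is" here. It is inserted
 *                             into the pattern unescaped, so it must be one of this
 *                             file's filter strings, never request-derived.
 * @return void Returns normally only when nothing matched.
 */
function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){
    $posts = array();
    // Session may not be started; isset() avoids undefined-index notices and keeps the null the dump showed before.
    $posts["userinfo"]['uid'] = isset($_SESSION['member-uid']) ? $_SESSION['member-uid'] : null;
    $posts["userinfo"]['username'] = isset($_SESSION['member-username']) ? $_SESSION['member-username'] : null;
    $posts["userinfo"]['time'] = date("Y-m-d H:i:s");
    $posts["userinfo"]['ip'] = getip();
    $posts["userinfo"]['url'] = 'http://'
        .(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '')
        .(isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '')
        .'?'
        .(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
    $posts["userinfo"]['fs'] = 1;
    // Request keys are merged at the top level, so a request key named "userinfo" replaces the context above.
    $posts = array_merge($posts, $StrFiltValue);
    $logs = var_export($posts, TRUE);

    // The context (URL, username, IP) is part of the matched text, not only the request values.
    // preg_match() returns false on a PCRE error (e.g. backtrack limit); "== 1" treats that as no match,
    // i.e. the check fails open on regex errors.
    if (preg_match("/".$ArrFiltReq."/is", $logs) == 1) {
        slog($logs);
        print "Error!";
        exit();
    }
}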
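// Request-line check: the reconstructed URL is matched, as received (no URL decoding),
// against all three filters. preg_match() returns false on a PCRE error, which "== 1"
// treats as "no match", so this check fails open on regex errors.
$wzurl = 'http://'
    .(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '')
    .(isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '');
if (preg_match("/".$getfilter."/is", $wzurl) == 1
    || preg_match("/".$postfilter."/is", $wzurl) == 1
    || preg_match("/".$cookiefilter."/is", $wzurl) == 1) {
    // Session may not be started; isset() avoids undefined-index notices (null concatenated as '' before, same text now).
    $tuid = isset($_SESSION['member-uid']) ? $_SESSION['member-uid'] : '';
    $tusername = isset($_SESSION['member-username']) ? $_SESSION['member-username'] : '';
    // date() replaces the deprecated strftime(); these specifiers are locale-independent, so the logged text is unchanged.
    // The entry embeds the raw request URL, so the log contains client-controlled text.
    slog("<br><br>UID:".$tuid." Username:".$tusername."操作IP: ".getip()."<br>操作时间: ".date("Y-m-d H:i:s")."<br>提交数据: ".$wzurl);
    print "Error!";
    exit();
}

// GET parameters are covered only by the URL check above; the per-array GET call was disabled upstream:
//	StopAttack($key,$_GET,$getfilter);
// StopAttack() ignores its first argument; null is passed explicitly (the old code passed an undefined $key).
if ($_POST) {
    StopAttack(null, $_POST, $postfilter);
}
if ($_COOKIE) {
    StopAttack(null, $_COOKIE, $cookiefilter);
}

// Relative path: resolved against the current working directory, not this file's directory.
if (file_exists('update360.php')) {
    echo "请重命名文件update360.php，防止黑客利用<br/>";
    die();
}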
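/**
 * Appends one entry to the daily log file.
 *
 * The file lives under DOCUMENT_ROOT/errlog/, so it may be reachable over HTTP unless
 * the web server denies access to that directory; entries carry raw request data and
 * session identity. If the directory is missing or unwritable the entry is dropped
 * silently (the original relied on error_reporting(0) for the same effect).
 *
 * @param string $logs Text to append; a CRLF is added.
 * @return void
 */
function slog($logs)
{
  $toppath = $_SERVER["DOCUMENT_ROOT"]."/errlog/".date("Y-m-d")."-log.txt";
  $Ts = fopen($toppath, "a+");
  if ($Ts === false) {
    return; // best-effort logging: keep the request flowing when the log cannot be opened
  }
  // Exclusive lock so concurrent requests do not interleave partial lines.
  flock($Ts, LOCK_EX);
  fputs($Ts, $logs."\r\n");
  flock($Ts, LOCK_UN);
  fclose($Ts);
}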


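/**
 * Returns the client address used in log entries.
 *
 * Prefers the X-Forwarded-For header when present and non-empty, otherwise
 * REMOTE_ADDR. X-Forwarded-For is supplied by the client, so the returned value
 * is only suitable for logging, not for access decisions.
 *
 * @return string Address string, or '' when neither server variable is set.
 */
function getip()
{
    // isset() guards avoid undefined-index notices when the header is absent (CLI, direct connections).
    $remoteip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    if ($remoteip === '') {
        $remoteip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    }
    return $remoteip;
}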
?>